This topic gives you security recommendations for VMware Tanzu for Valkey on Cloud Foundry.
To allow VMware Tanzu for Valkey on Cloud Foundry to have network access you must create app security groups (ASGs). For more information, see Networks, security, and assigning AZs.
VMware recommends the following best practices for security:
Run Tanzu for Valkey on Cloud Foundry in its own network. For more information, see Creating networks in Tanzu Operations Manager.
Use Tanzu for Valkey on Cloud Foundry with the IPsec Add-on. For information about the IPsec Add-on, see Securing data in transit with the IPsec add-on.
Do not use a single Tanzu for Valkey on Cloud Foundry instance for multi-tenancy. A single Valkey instance of the On-Demand service should only support a single workload.
Do not use the Shared-VM service for production use cases. It is not considered adequately secure for that purpose, even though it is designed for multi-tenancy.
Set TLS to Optional and encourage app developers to make use of the TLS port. For more information, see Using TLS.